Information about objects, Information about object groups, Licensing requirements for objects and groups – Cisco ASA 5505 User Manual

Page 364

Advertising
background image

13-2

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 13 Configuring Objects

Configuring Objects and Groups

Information About Object Groups, page 13-2

Information About Objects

Objects are created in and used by the ASA in the place of an inline IP address in any given
configuration. You can define an object with a particular IP address and netmask pair or a protocol (and,
optionally, a port) and use this object in several configurations. The advantage is that whenever you want
to modify the configurations created to this IP address or protocol, you do not need to modify all rules
in the running configuration. You can modify the object, and then the change automatically applies to
all rules that use the specified object. You can configure two types of objects: network objects and
service objects. These objects can be used in Network Address Translation (NAT), access lists, and
object groups.

Information About Object Groups

By grouping like objects together, you can use the object group in an ACE instead of having to enter an
ACE for each object separately. You can create the following types of object groups:

Protocol

Network

Service

ICMP type

For example, consider the following three object groups:

MyServices—Includes the TCP and UDP port numbers of the service requests that are allowed
access to the internal network.

TrustedHosts—Includes the host and network addresses allowed access to the greatest range of
services and servers.

PublicServers—Includes the host addresses of servers to which the greatest access is provided.

After creating these groups, you could use a single ACE to allow trusted hosts to make specific service
requests to a group of public servers.

You can also nest object groups in other object groups.

Licensing Requirements for Objects and Groups

The following table shows the licensing requirements for this feature:

Model

License Requirement

All models

Base License.

Advertising
This manual is related to the following products:

ASA 5585-X, ASA 5555-X, ASA 5545-X, ASA 5525-X, ASA 5515-X, ASA 5512-X, ASA 5580, ASA 5550, ASA 5540, ASA 5520, ASA 5510, ASA 5500 Series

Popular Brands
Popular manuals